
Messages - galmok

1
Thank you for this research. I take it the fastest solution for me is to start all over and make a clean install (doesn't take so long) once iptables 1.4.13 has been released.

I take it zentyal should be able to bridge 2 nics and apply various working firewall rules? I am not doing something weird here, right?

2
In a followup to my previous network configuration issue:

Zentyal managed to produce a packet storm, shutting down the WAN switch.

Can anyone give me any insight in whether Zentyal is able to create a firewall usable on bridged networks or not? Currently, zentyal fails miserably, but that could be a beta issue.

3
Well, I completed the normal installation and it all looked fine (installed network and firewall modules), up until the moment I configured eth0 and eth1 to be bridged with br1 using dhcp. This reconfiguration caused an error in zentyal (firewall) that I couldn't save anywhere (no text editor installed). Since that moment, my network configuration hasn't worked. Zentyal reports the correct configuration, but zentyal has no IP configuration anymore and the webpage is inaccessible as a result. I tried running "dhclient br1" which used to help on zentyal-2.3, but in 3.0 it fails with iptables giving this error: option "--physdev-is-bridged" cannot be inverted.

So, now I have a 3.0 install with no network configuration and no network access and no obvious way to proceed (except for a total reinstall).

I'd like to call this a huge bug. :-/

4
Currently trying a normal installation that installs X, no less... I expect the final installation to be significantly larger than the minimal virtual install. I was hoping for a web-only solution but I know this is a pipe-dream as Zentyal firewall completely shuts off all communication when installed. I would still vote for at least letting zentyal web pass through per default.

5
Huh? I just downloaded the Zentyal 3.0-rc1 image, burned it to a CD and it installed just fine.

Arch

It seems not all install options lead to a Zentyal installation, then. Could anyone let me (us) know which options to choose and which not to choose?

I am running it on Hyper-V (shouldn't matter) which is why I chose minimal virtual server installation. Also, as I only want the bridge/firewall options, I'd prefer not to install too much (waste of space and requires maintenance).

6
Is it just me or does the 3.0-RC1 image not install any zentyal packages at all?

It doesn't even have the zentyal repository added.

How do I install zentyal from this image? (I installed as minimal virtual server install).


7
Update: It seems after a reboot, I have to wait for some (3-5) minutes and then suddenly my firewall rules are obeyed. Prior to that, nothing works (except ping, which I have no rule for). This delay of course confuses my testing as I expected immediate results from firewall changes.

This doesn't just happen after a reboot. Seems to happen if just the service is restarted. Can this delay be removed somehow? It is not good service to block network communication for several minutes just to reboot a firewall or restart the service.

8
Update: It seems after a reboot, I have to wait for some (3-5) minutes and then suddenly my firewall rules are obeyed. Prior to that, nothing works (except ping, which I have no rule for). This delay of course confuses my testing as I expected immediate results from firewall changes.

I did install the "dbus" package and all my dbus errors have vanished. I suggest adding dbus to your list of dependencies. Installing dbus however didn't solve anything except for the displayed error.

The last remaining error is that I have to run "sudo dhclient br1" after each boot if I want any nameserver usage with ubuntu/zentyal. I don't know why ubuntu/zentyal fails to set up nameservers (/etc/resolv.conf is always empty upon boot but is filled (correctly) with 'sudo dhclient br1').

9
Ok, I do see some rules appear in iptables when I enter them in zentyal firewall, so it isn't all bad. :)

But I cannot make the external network access zentyal administration (port 443). In fact, I can't get any http or https access to either zentyal or the internal network. I have added these rules:

Internal networks to Zentyal:
ACCEPT, any source, Zentyal Administration [this works. didn't work after reboot (connection established, but no data received)]
ACCEPT, any source, Desktop Services [this works. didn't work after reboot (connection established, but no data received)]

Internal networks:
ACCEPT, any source, dhcp (udp: sp:67, dp:68) [works. works after reboot]

External networks to Zentyal:
ACCEPT, any source, Zentyal Administration (port 443) [no connection. didn't work after reboot]
ACCEPT, any source, HTTP (port 80) [no connection. didn't work after reboot]

External networks to internal networks:
ACCEPT, any source, any destination, Zentyal Administration (port 443) [no connection. didn't work after reboot]
ACCEPT, any source, any destination, HTTP (port 80) [no connection. didn't work after reboot]

Traffic coming out from Zentyal:
- (no rules)

In iptables, I do see port 443/80 rules in the INPUT and FORWARD sections, but only iglobal matches packets. Why wouldn't forwarding rules match the 80/443 ports?

10
I added zentyal service in the firewall section (external to zentyal) to be able to control zentyal after a reboot, but the rule does not appear in the iptables. Can I expect my rules to show up in iptables? If yes, then the firewall module still isn't working well, at least on ubuntu 12.04 LTS.

11
I rebooted my system to see what the stored settings would start my server with, and well, as expected, the firewall was in total blocking mode, so I opened it with the above 4 iptables commands. The settings looked ok, but checking things on the command line, I could see that /etc/resolv.conf was empty (nslookup didn't work), but br1 did have an ip (so dhcp had been run). My routing table was also lacking a default route. I decided to run "sudo dhclient br1" and now /etc/resolv.conf had the nameservers set up. I could ping the nameservers so routing is working.

But basically, my main issue is the tighter than tight firewall, that I have to run dhclient manually upon boot and the numerous dbus errors.

Adding the zentyal repository directly in /etc/apt/sources.list produces a duplicate error when I run sudo apt-get update. So I removed it again. I am therefore running with the current zentyal which does not seem compatible with ubuntu 12.04 LTS.

12
Turns out it was the iptables wrecking my communication. Finally found the commands to allow everything through:

iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -F

Now I can use FQDN again. Never used iptables before which is why I couldn't understand what was going on.

I could now enter the zentyal web page again and reconfigure my network. The upgrade simply erased the current configuration and when I recreated the bridge, it worked. It unfortunately also enabled the firewall again which means zentyal is yet again unavailable for configuration... sigh.

Could we perhaps get a default configuration that is not so strict? It is frustrating to mess manually with iptables to punch holes through when a web-UI is so very close at hand, yet still out of reach.
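Two states come up in posts 9 and 12 above: rules for port 443 that are present but do not reach the traffic, and a filter table that has been flushed wide open with "-P ... ACCEPT" and "-F". The following audit script is an added example, not from the poster or the Zentyal project; it reads an iptables-save style dump (the two dumps embedded here are constructed samples, and the chain/interface names in them are assumptions) and reports the default policy per chain, whether INPUT and FORWARD carry an ACCEPT rule for tcp/443, and whether the table is fully open.

```shell
# Audits an iptables-save dump for the two states in the thread: tcp/443 rules
# missing under a DROP policy, and a fully open table. Dumps are constructed samples.
LOCKED_DOWN='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i br1 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -i br1 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -p udp --dport 68 -j ACCEPT
COMMIT'
WIDE_OPEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
# policy_of CHAIN DUMP: default policy of CHAIN, or "missing" if the chain is absent
policy_of() {
    p=$(printf '%s\n' "$2" | awk -v c=":$1" '$1 == c { print $2 }')
    printf '%s\n' "${p:-missing}"
}
# has_accept_rule CHAIN PORT DUMP: succeeds if CHAIN has an ACCEPT rule for tcp --dport PORT
has_accept_rule() {
    printf '%s\n' "$3" | grep -Eq -- "^-A $1 .*-p tcp .*--dport $2 .*-j ACCEPT"
}
# is_wide_open DUMP: succeeds if every policy is ACCEPT and no rule remains (post-flush state)
is_wide_open() {
    for chain in INPUT FORWARD OUTPUT; do
        [ "$(policy_of "$chain" "$1")" = ACCEPT ] || return 1
    done
    ! printf '%s\n' "$1" | grep -q '^-A '
}
# audit DUMP: one finding per line; real input would come from "iptables-save"
audit() {
    if is_wide_open "$1"; then
        echo "WARN: filter table wide open (policies ACCEPT, no rules)"
        return
    fi
    for chain in INPUT FORWARD; do
        if has_accept_rule "$chain" 443 "$1"; then
            echo "$chain: ACCEPT rule for tcp/443 present"
        else
            echo "$chain: no tcp/443 ACCEPT rule, policy $(policy_of "$chain" "$1") applies"
        fi
    done
}
audit "$LOCKED_DOWN"
audit "$WIDE_OPEN"
```

On a live host, feed it the output of iptables-save instead of the embedded samples; a rule that is present in INPUT but absent from FORWARD is exactly the asymmetry post 9 describes.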

13
Also, I did get partial network working:

sudo ifconfig eth0 up
sudo dhclient eth0

The last command produces numerous dbus errors, but eth0 received IP information. But I have no name-servers and as such, I can't access named repositories. How do I get name-service running (provided by dhcp)?

Edit: /etc/resolv.conf has the correct information, but nslookup doesn't use it. Could be I am lacking gateway/route information? I thought dhclient would set this up...

14
Can you add the zentyal 2.3 repositories to sources.list then do a 'sudo apt-get update' ?
After that upgrade your system... I think it has to do with the lack of those repositories.

Just for confirmation: The zentyal source in /etc/apt/sources.list.d/ has no value in this respect? Because it contains the exact line you want me to add to /etc/apt/sources.list. It seems to me the sources.list.d directory is just an easier way to manage 3rd party repositories.

But I can try to add the lines from /etc/apt/sources.list.d/zentyal-2_3-precise.list to /etc/apt/sources.list (like this), just to test it:

cat /etc/apt/sources.list.d/zentyal-2_3-precise.list >> /etc/apt/sources.list

15
Quote: Did you have a look at http://trac.zentyal.org/wiki/Documentation/Community/Installation/InstallationGuide ?
This is the guide I followed, although I upgraded instead of clean-installed zentyal.
Quote: Can you check if you have all the repositories for zentyal 2.3 added in /etc/apt/sources.list
There doesn't seem to be any zentyal repositories in that list. This is strange as I did use the commands below to upgrade:
Quote: You may also copy & paste this single command line in order to add the repository along with the key

sudo apt-get install -y python-software-properties && sudo add-apt-repository ppa:zentyal/2.3 && sudo apt-get update
Quote: If this doesn't help, you could consider using the zentyal 2.3 installer
That is an option I haven't tried yet.

I did find this in /etc/apt/sources.list.d/zentyal-2_3-precise.list, though:
deb http://ppa.launchpad.net/zentyal/2.3/ubuntu precise main
deb-src http://ppa.launchpad.net/zentyal/2.3/ubuntu precise main


Maybe I should uninstall zentyal 2.3.4 completely before installing 2.3.8. But I can't see why this wouldn't cause dbus errors.

Regarding dbus: I do not have any package installed creating the dbus socket. This is why I originally thought that 2.3.8 is expecting the dbus socket to be present but doesn't have the dependency for the package providing the dbus socket. This would explain the dbus error and possibly also why zentyal caused this problem in the first place?
